Red
Teaming
vs
Penetration
Testing
-
What’s
the
Difference?

Posted by Emma Seaman - 04 August, 2017

Traditional penetration testing is crucial to security, but can be limited due to time and scope constraints. In comparison, Red Team campaigns seek to remove this limitation by providing a service that recreates actual attack scenarios and expose attack surfaces.

Red team engagements are as close to a real world hack as you can get. Normal penetration testers don't have to account for adversaries, so there is no one to hide from. While a penetration test's goal is to find vulnerabilities, each red ream campaign has a specific objective... to be achieved through any means necessary.

Interested in finding out how your defence would hold up in a real world attack? Then red teaming is for you.

What is your biggest fear?

Unlike penetration testing, Red Teaming focuses on business outcomes. For example, health organisations may fear losing their clients personal identifiable information (PII) while financial institutions may be more concerned about an attacker gaining access to their ledger. A Red Team engagement has a specific goal, and go about achieving this without being restrained by traditional penetration testing boundaries.

By conducting a Red Team engagement, organisations are not only able to find out where certain vulnerabilities may lie, but also test their Incident Response (IR) capabilities, Blue Team (if they have one) and even their own end-users level of information security awareness (ability to detect fraudulent phishing emails or social engineering attempts). Red Teaming allows you to understand your enemies better by simulating the specific actions they may take. This, in turn, gives you additional opportunities to protect your assets by disrupting the enemy's potential actions.

Almost all organisations conduct penetration testing on a regularly basis. A penetration test allows organisations to plan and strategise on where to invest their security budget, and what controls they need to protect their data. It involves identifying vulnerabilities in a target organisation, and exploiting them to determine the level of access an attacker can gain.

Red Teaming on the other hand, emulates targeted cyber criminal attacks looking to avoid detection. They are able to mimic what a real-world attacker would do, having little restrictions so that the client can experience a cyber attack scenario, and determine if their defence can withstand the attack.

The team will initially involve off-site reconnaissance using public sources about the organisation (as a cyber criminal would do) prior to actively polling organisational targets. These targets could include physical work sites or offices, external internet exposed systems, the organisation's employees with the aim of gaining a foothold within the corporate network. Once this has been achieved, the campaign persists and attempts to gain the objectives of the Red Team campaign.

Red Teaming is one of the most comprehensive and in-depth engagements helping organisations determine if and how their most sensitive assets could be compromised.

Blog Archive

About us

We are an Australian IT security integration and consulting firm with offices in Sydney, Melbourne and Brisbane. Founded in March 2000, we focus on protecting our customers’ brand, reputation and bottom line, through robust security architecture; secure cloud solutions and advanced forensics and remediation. Customers include Fairfax Media and Red Cross Blood Services. more info